问题
I have the following docker-compose.yml file:
version: '3'
services:
frontend:
image: alpine
command: tail -f /dev/null
networks:
- shared
- default
backend:
image: alpine
command: tail -f /dev/null
networks:
- shared
- default
networks:
shared:
external: true
Based on the file from above I create two projects which use the same network (shared) and the same service names (frontend and backend):
docker-compose -p foo up -d
docker-compose -p bar up -d
Does the DNS of docker make sure that docker-compose -p foo exec frontend ping backend only resolves to the backend container in project foo and vice versa for project bar?
回答1:
Based on your setup I have used nslookup to find out whether the DNS resolution is isolated or not.
$ docker-compose -p foo exec frontend nslookup backend
Name: backend
Address 1: 172.19.0.2 foo_backend_1.shared
Address 2: 172.19.0.4 bar_backend_1.shared
As you can see from the output above, backend resolves to both of the containers.
回答2:
If you use docker swarm you can qualify hostnames with the service name to disambiguate containers. But I don't believe docker-compose does this.
回答3:
According to https://github.com/docker/compose/issues/4645, the resolve order in this case in non deterministic. Since the network is being converted to unordered dict in golang, the order is not preserved. Which implies https://github.com/docker/libnetwork/blob/master/sandbox.go#L593 the order of endpoints being queried don't match the order of network.
The solution is to define https://docs.docker.com/compose/compose-file/compose-file-v2/#priority if using docker-compose version 2. Or fully qualified dns name as service.network such as backend.foo_default or backend.shared.
来源:https://stackoverflow.com/questions/54506950/docker-dns-with-multiple-projects-using-the-same-network